JS/Kryptik.I: how to remove it


(Wronarafal) #1

Please help: JS/Kryptik.I has settled in and won't leave willingly.

OTL report: http://www.wklej.org/id/1465562/

Extras report: http://www.wklej.org/id/1465564/

Contact: wronarafal@vp.pl

Regards, and thanks in advance for any help.


(Acorus) #2

Uninstall WindowsMangerProtect20.0.0.722. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search and then Delete.

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version that matches your system, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.


(Wronarafal) #3

I followed the instructions.

FRST report: http://wklej.org/id/1465959/

Addition: http://wklej.org/id/1465960/


(Acorus) #4

Open Notepad and paste:

Task: {116DD026-A479-4FFA-AC3C-7EF8F83EB28C} - System32\Tasks\temp_hdtotal1.3-enabler = C:\Users\WRONAR~1\AppData\Local\Temp\nst8C7.tmp\hdtotal1.3-enabler.exe ==== ATTENTION
Task: {654B49E1-A241-4CE5-AE4E-0EECED257DC2} - System32\Tasks\temp_7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2 = C:\Users\WRONAR~1\AppData\Local\Temp\nst2491.tmp\7f1686b7-ae3f-42c2-8914-974b05eaaa0c-2.exe ==== ATTENTION
Task: {8A266A17-BB45-4560-B9EA-AED31420E9B9} - System32\Tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-5 = C:\Program Files (x86)\GoPhoto.it V9.0\3acf9a70-1a99-4e96-962c-fb7ed7f05265-5.exe ==== ATTENTION
Task: {9092BC88-92F4-4015-956B-068EC4795827} - System32\Tasks\hdtotal1.3-updater = C:\Program Files (x86)\hdtotal1.3\hdtotal1.3-updater.exe
Task: {91D5A88B-BA8D-4411-845E-1028D6F7262A} - System32\Tasks\hdtotal1.3-firefoxinstaller = C:\Program Files (x86)\hdtotal1.3\hdtotal1.3-firefoxinstaller.exe
Task: {B2AA8993-92DA-4621-B590-B99B48640DD7} - System32\Tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2 = C:\Program Files (x86)\GoPhoto.it V9.0\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2.exe ==== ATTENTION
Task: {B7023B63-409F-4966-AEE2-05496484B521} - System32\Tasks\hdtotal1.3-enabler = C:\Program Files (x86)\hdtotal1.3\hdtotal1.3-enabler.exe
Task: {BB2341AA-2821-4B31-816C-F54A87EC9A20} - System32\Tasks\3acf9a70-1a99-4e96-962c-fb7ed7f05265-3 = C:\Program Files (x86)\GoPhoto.it V9.0\3acf9a70-1a99-4e96-962c-fb7ed7f05265-3.exe ==== ATTENTION
Task: {DAF107AD-7935-4F23-AE3B-A6E65424A2ED} - System32\Tasks\temp_3acf9a70-1a99-4e96-962c-fb7ed7f05265-2 = C:\Users\WRONAR~1\AppData\Local\Temp\nsj6203.tmp\3acf9a70-1a99-4e96-962c-fb7ed7f05265-2.exe ==== ATTENTION
Task: {E70BBDC2-89B8-47C5-8695-0D996615091C} - System32\Tasks\temp_Torntv V9.0-enabler = C:\Users\WRONAR~1\AppData\Local\Temp\nsvA721.tmp\Torntv V9.0-enabler.exe ==== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {60590C88-1622-486E-B747-262962D8010E} URL = http://start.mysearchdial.com/results.php?f=4q={searchTerms}a=irmsd103cd=2XzuyEtN2Y1L1QzuyD0AyCyB0BtDzz0E0E0CyEtD0C0AyCyBtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtAcr=115557725ir=
SearchScopes: HKLM-x32 - {60590C88-1622-486E-B747-262962D8010E} URL = http://start.mysearchdial.com/results.php?f=4q={searchTerms}a=irmsd103cd=2XzuyEtN2Y1L1QzuyD0AyCyB0BtDzz0E0E0CyEtD0C0AyCyBtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtAcr=115557725ir=
SearchScopes: HKCU - {60590C88-1622-486E-B747-262962D8010E} URL = http://start.mysearchdial.com/results.php?f=4q={searchTerms}a=irmsd103cd=2XzuyEtN2Y1L1QzuyD0AyCyB0BtDzz0E0E0CyEtD0C0AyCyBtN0D0Tzu0CyCyCyEtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtAcr=115557725ir=
FF Extension: Website Counselor - C:\Users\WronaRafal\AppData\Roaming\Mozilla\Firefox\Profiles\dobscdut.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-16]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha886.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha886\ff
CHR Extension: (No Name) - C:\Users\WronaRafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfjbdjailljfihgkoccfbiljjapiijb [2014-04-13]
CHR Extension: (No Name) - C:\Users\WronaRafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbeihidkikgdcoogkeoeconphggdhop [2014-03-22]
CHR Extension: (No Name) - C:\Users\WronaRafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphjehcgndcjccmghmjmeeabfecdiilm [2014-04-13]
S2 Update Yawtix; "C:\Program Files (x86)\Yawtix\updateYawtix.exe" [X]
2014-09-16 21:45 - 2014-06-06 20:05 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.